Corporation For National Research Initiatives: Server Authentication and Distributed Administration (presentation transcript)


1
Corporation For National Research Initiatives. Server Authentication. [Diagram: Global Handle Registry (Site G1, Server G1-a); Acme Local Handle Service (Site #3, Server #1-a); Client.] Each handle client knows the location of, or has a copy of, the Global Handle Registry's service information (hash table), which contains the global servers' public keys. The Global Handle Registry is a trusted source.

2
Server Authentication. [Diagram: Global Handle Registry (Site G1, Server G1-a); Acme Local Handle Service (Site #3, Server #1-a); Client.] Client sends a query to Global: Where is handle 10.1234/d?

3
Server Authentication. Response signed with Global's private key. [Diagram: Global Handle Registry (Site G1, Server G1-a); Acme Local Handle Service (Site #3, Server #1-a); Client.] Global responds with the service information for Acme LHS, which enables the client to determine the server on which handle 10.1234/d resides, and includes that server's public key.

5
Server Authentication. [Diagram: Global Handle Registry (Site G1, Server G1-a); Acme Local Handle Service (Site #3, Server #1-a); Client.] The server responds with the handle value pair, signed with its private key.

6
Server Authentication. [Diagram: Global Handle Registry (Site G1, Server G1-a); Acme Local Handle Service (Site #3, Server #1-a); Client.] Client verifies the response using the server's public key.

7
Server Authentication: Summary. [Diagram columns: Client*, LHS Server, Global Server.] *Client has the Global Handle Registry's service information, including Global's public key.
1. Client queries Global for a handle.
2. Global responds with service information for the LHS in which the handle resides. The response is signed with the Global server's private key.
3. Using the service information, the client determines which server in the LHS to query for the handle. The service information included that server's public key.
4. The LHS server responds with the handle value pair, signed with its private key.
5. The client verifies the response using the server's public key.
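The resolution flow this summary describes, as an added Go model that is not part of the original presentation or CNRI's code: the client trusts only Global's pre-installed key, takes the LHS server's key from Global's signed service information, and accepts the handle value only if that key verifies it. Ed25519 signatures and the JSON body encoding are assumptions for illustration; the slides do not show the wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
)

// Signed is a message body plus the sender's signature over it (constructed format).
type Signed struct{ Body, Sig []byte }
func sign(priv ed25519.PrivateKey, v interface{}) Signed {
	b, _ := json.Marshal(v)
	return Signed{b, ed25519.Sign(priv, b)}
}
// verify checks the signature with a key the client already trusts, then decodes the body.
func verify(pub ed25519.PublicKey, s Signed, out interface{}) bool {
	return ed25519.Verify(pub, s.Body, s.Sig) && json.Unmarshal(s.Body, out) == nil
}
// ServiceInfo is Global's answer: which LHS server holds the handle, and that server's key.
type ServiceInfo struct{ Handle, Server string; ServerPub ed25519.PublicKey }

// Resolve is the client side of slides 1-6: trust only Global's pre-installed key, derive
// trust in the LHS server from Global's signed answer, and accept only a value it signed.
func Resolve(globalPub ed25519.PublicKey, global func(string) Signed,
	lhs func(server, handle string) Signed, handle string) (string, bool) {
	var info ServiceInfo
	if !verify(globalPub, global(handle), &info) || info.Handle != handle {
		return "", false // service information not authenticated by Global
	}
	var values map[string]string
	if !verify(info.ServerPub, lhs(info.Server, handle), &values) {
		return "", false // response not signed by the key Global vouched for
	}
	return values["URL"], true
}

// Demo wires up a constructed Global and Acme LHS. With rogue=true an impostor answers the
// LHS query under its own key, which Global never vouched for, so the client must reject it.
func Demo(rogue bool) (string, bool) {
	globalPub, globalPriv, _ := ed25519.GenerateKey(rand.Reader)
	srvPub, srvPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	signer := map[bool]ed25519.PrivateKey{false: srvPriv, true: roguePriv}[rogue]
	global := func(h string) Signed {
		return sign(globalPriv, ServiceInfo{Handle: h, Server: "Server #1-a", ServerPub: srvPub})
	}
	lhs := func(server, h string) Signed {
		return sign(signer, map[string]string{"URL": "http://www.loc.gov/..."})
	}
	return Resolve(globalPub, global, lhs, "10.1234/d")
}
```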

8
Distributed Administration (Using Server Authentication). Administrator Jane must have a private key.

9
Distributed Administration: Modify Handle Request. [Diagram: Administrator Jane; Acme Local Handle Service (Site #1, Server #1-b).] Administrator Jane sends the server a request to modify the data associated with handle 10.1234/d.

10
Distributed Administration: Modify Handle Request. [Diagram: Administrator Jane; Acme Local Handle Service (Site #1, Server #1-b).] The server responds with a challenge consisting of a digest of the original request, plus a nonce (a random set of bits).

11
Distributed Administration: Modify Handle Request. [Diagram: Administrator Jane; Acme Local Handle Service (Site #1, Server #1-b).] Administrator Jane authenticates herself by returning a digest of the challenge signed with her private key, along with her personal administrator's handle, admin/Jane.

12
Distributed Administration: Modify Handle Request. [Diagram: Administrator Jane; Acme Local Handle Service (Site #1, Server #1-b); handle record for 10.1234/d with values: index 8, type URL, data http://www.loc.gov/...; index 9, type admin, data admin/Jane.] The handle data for 10.1234/d is checked to confirm that Administrator Jane is an administrator for the handle, with permission to modify handle data.

13
Distributed Administration: Modify Handle Request. [Diagram: Administrator Jane; Budget Local Handle Service (Site B, Server B-1); Acme Local Handle Service (Site #1, Server #1-b).] The server then resolves handle admin/Jane, located in a different Local Handle Service, to get Jane's public key, which is stored as a handle value.

14
Distributed Administration: Modify Handle Request. [Diagram: Administrator Jane; Budget Local Handle Service (Site B, Server B-1); Acme Local Handle Service (Site #1, Server #1-b); handle record for admin/Jane: public key value, type admin, index 5.] The server in Budget LHS responds with the value of the public key for handle admin/Jane.

15
Distributed Administration: Modify Handle Request. [Diagram: Administrator Jane's challenge response; the PUBLIC KEY returned by Budget Local Handle Service (Site B, Server B-1) to Acme Local Handle Service (Site #1, Server #1-b).] The public key is used to authenticate the signed challenge response that Administrator Jane had sent to the server.

16
Distributed Administration: Modify Handle Request. [Diagram: Administrator Jane; Budget Local Handle Service (Site B, Server B-1); Acme Local Handle Service (Site #1, Server #1-b).] If the authentication is good, the data is changed and the server responds to Administrator Jane: OK.

17
Distributed Administration: Modify Handle Request, Summary. [Diagram columns: Administrator*, Other Local Handle Service, Local Handle Service.] *Administrator must have a public/private key pair.
1. Administrator sends a request to the LHS to modify the value of handle 10.123/d.
2. LHS server responds with a challenge requesting authentication from the administrator.
3. Administrator returns a challenge response to the server that includes his personal handle, admin/X.
4. Server confirms the administrator has permission to modify handle 10.123/d.
5. Server resolves the administrator's handle admin/X, which in this example is located on a server maintained by a different Local Handle Service.
6. Other LHS server responds with Administrator X's public key.
7. Server uses the public key to authenticate Administrator X's original challenge response, modifies handle 10.123/d, and sends confirmation back to Administrator X.
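The challenge-response sequence of slides 9-17, as an added Go example that is not CNRI's code: the server issues a digest-plus-nonce challenge, the administrator signs a digest of it and names admin/Jane, and the server checks the handle's admin list, resolves admin/Jane to get the public key, and verifies before changing anything. Ed25519, SHA-256, and a single in-memory Registry standing in for both the Acme and Budget LHS are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// HandleRecord models a handle's values: admin handles allowed to modify it, its URL, and
// (for an administrator's own handle) the public key stored as a handle value.
type HandleRecord struct{ Admins map[string]bool; PubKey ed25519.PublicKey; URL string }
// Registry stands in for every LHS reachable by resolution (Acme and Budget together).
type Registry map[string]*HandleRecord
// Challenge is slide 10: a digest of the original request plus a fresh nonce.
type Challenge struct{ Digest [32]byte; Nonce [16]byte }
func (r Registry) Challenge(request []byte) Challenge {
	c := Challenge{Digest: sha256.Sum256(request)}
	rand.Read(c.Nonce[:])
	return c
}
// Response is slide 11: the administrator's signature over a digest of the challenge, plus
// the administrator handle that tells the server where to find the matching public key.
type Response struct{ AdminHandle string; Sig []byte }
func Respond(priv ed25519.PrivateKey, admin string, c Challenge) Response {
	d := sha256.Sum256(append(c.Digest[:], c.Nonce[:]...))
	return Response{admin, ed25519.Sign(priv, d[:])}
}

// Modify is slides 12-16: check the target handle's admin list, resolve the admin handle to
// get the public key, verify the signed challenge, and only then apply the change.
func (r Registry) Modify(handle string, c Challenge, resp Response, newURL string) bool {
	rec, ok := r[handle]
	if !ok || !rec.Admins[resp.AdminHandle] { return false } // not an administrator of this handle
	adminRec, ok := r[resp.AdminHandle]
	if !ok || len(adminRec.PubKey) != ed25519.PublicKeySize { return false } // no usable key resolved
	d := sha256.Sum256(append(c.Digest[:], c.Nonce[:]...))
	if !ed25519.Verify(adminRec.PubKey, d[:], resp.Sig) { return false } // wrong key for admin handle
	rec.URL = newURL
	return true
}

// DemoRegistry builds the constructed example: 10.1234/d administered by admin/Jane, whose
// public key lives in a second record. Returns Jane's private key and an unrelated one.
func DemoRegistry() (Registry, ed25519.PrivateKey, ed25519.PrivateKey) {
	janePub, janePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{
		"10.1234/d":  {Admins: map[string]bool{"admin/Jane": true}, URL: "http://www.loc.gov/..."},
		"admin/Jane": {PubKey: janePub},
	}
	return reg, janePriv, otherPriv
}
```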